Re: administering 1,000 zone files (Bind Users forum, DNS and Related Forums category)
Mariano Cunietti <mcunietti@enter.it> wrote:
> On Thu, 2004-12-30 at 14:22, phn@icke-reklam.ipsec.nu wrote:
>> > What I'm actually looking for is a way to synchronize named.conf
>> > on both servers: each time I add a new zone to the master, I want the
>> > corresponding slave statement to be created on the slave server.
>>
>> > This could be accomplished through a (perl?) script, maybe using a
>> > shared SQL database which is populated via web.
>>
>> > My questions are:
>> > a) can you suggest me such a tool to perform these tasks?
>>
>> perl + ssh / rsync to distribute the resulting file. A few
>> hours of work is all you need.
>>
>> Also look into using a "hidden" master, it will simplify things
>> whenever you encounter an error during reload of your master.
> Thanks Peter.
> I was considering to use the "include" statement in my slave named.conf,
> to ease the readability of my newly generated slave zone list, and to
> keep it apart from general configuration statement as well.
> May this be a *correct* way to proceed?

Yes. I'll post a perl to do just this, it's part of a larger collection
and it's invoked via "doall" :

#!/bin/sh
# wrapper script
# CHANGE THIS :
# load the shared settings (BASE, BIN, IPUSED, NAMEDCONF, SLAVES)
. /home/peter/proj/somesite/vit-dns/bin/common
# make includes
./geninline
# check result
for i in slaves/*
do
    echo -n "Checking $i/`basename $i`.conf"
    named-checkconf $i/`basename $i`.conf
    echo "."
done

"geninline" contains :

#!/bin/sh
# file to generate slave-files from master
#
# CONFIGURE THIS
. /home/peter/proj/somesite/vit-dns/bin/common
#
cd $BASE
# resulting configfiles
GATEKEEPERSE=gatekeeper.somesite.se
GATEKEEPERCOM=gatekeeper.somesite.com
GATESE=gate.somesite.se
echo "My ip seems to be $IPUSED"
# split the tagged parts of the master named.conf into include.conf and acl.conf
$BIN/parse-conf -n $NAMEDCONF -i include.conf -a acl.conf -m $IPUSED
# build one config file per slave directory
for i in slaves/*
do
    echo -n "Creating $i "
    $BIN/addinclude $i/`basename $i`
    echo "."
done

"addinclude" :

#!/bin/sh
# $1 = FQDN-of-dns-server
# CONFIGURE THIS
. /home/peter/proj/somesite/vit-dns/bin/common
#
DSERV=$1
cd $BASE
# header + common acl + common zones are concatenated into $DSERV.conf
echo "// Automatically generated at `date`" > $DSERV.conf
echo "// Base cfg part : $NAMEDCONF" >> $DSERV.conf
echo "// NS-specific header :$DSERV.header" >> $DSERV.conf
cat $DSERV.header >> $DSERV.conf
echo "// Base cfg part : $NAMEDCONF" >> $DSERV.conf
echo "// common acl " >> $DSERV.conf
cat acl.conf >> $DSERV.conf
echo "// Base cfg part : $NAMEDCONF" >> $DSERV.conf
echo "// common zones " >> $DSERV.conf
cat include.conf >> $DSERV.conf
echo "// end of included common zones" >> $DSERV.conf

"common" ( where global settings are done ) :

#!/bin/sh
# common config variables for DMAN
# source ( .common ) in bourne-scripts
#
# location of files
BASE=/home/peter/proj/somesite/vit-dns
BIN=$BASE/bin
# program to determine hidden master's IP
IPUSED=`$BIN/extractip`
#
# name and location of master named.conf
NAMEDCONF=$BASE/masterns/named.conf
#
# location of slaves config
SLAVES=$BASE/slaves

and finally "parse-conf" looks like :

#!/usr/bin/perl
#
# parse-conf -n named.conf -i nsinclude.conf -a nsacl.conf -m <masterip>
#
# .1 deal in a rudimentary way with comments
#    NOTE some combinations of one-line dont work !!
#
use Getopt::Std;
getopts('n:i:a:m:v') or die "Usage $0 -n <infile> -i <include> -a <acl> -m <masterip> [-v]\n";
if ( ! $opt_n ){
    print " -n <infile> missing\n";
    exit 1;
} else{
    $CONF=$opt_n;
};
if ( ! $opt_i ) {
    print " -i <generated include file> missing \n";
    exit 1;
} else {
    $INC=$opt_i;
};
if ( ! $opt_a ) {
    print "-a <generated acl file> missing \n";
    exit 1;
} else {
    $ACL=$opt_a;
};
if ( ! $opt_m ) {
    print "-m <masters ip> missing\n";
    exit 1;
} else {
    $masters = $opt_m;
};
# print "input=$CONF, nsinclude=$INC, nsacl=$ACL\n";
#
# read named.conf, scan for tags '//<tag>' and scan for
# tags of the form '//<tag>' and corresponding '//</tag>'
# curr. recognizes 'nsinclude' and 'nsacl'
# three-argument open: the file name is never parsed as a mode or a pipe
open(IN, '<', $CONF) or die "File $CONF not found\n";
$state = 0;      # 0 = outside, 1 = include, 2 = acl
$commented = 0;  # true inside comments
NXT: while(<IN>) {
    chomp();
    # print "[ $_ ]\n";
    if ( $commented == 1 ) {    # reset after nl
        $commented = 0;
    };
    if ( $commented == 0) {     # not in ML comments
        / *\/\/[^<]/ && do {
            $commented = 1;     # single-line
            # print "single-line comment\n";
        };
        / *#/ && do {
            $commented = 1;     # single-line
            # print "single-line # \n";
        };
    };
    / *\/\*/ && do {
        $commented = 2;         # possible multiline
        # print "start of ML comment\n";
    };
    / *\*\// && do {
        if ( $commented == 2) {
            $commented = 0;
            # print "end of ML comment\n";
        };
    };
    /\/\/<nsinclude>/ && do {   # starting nsinclude
        if ( $state != 0 ) {
            print "//<nsinclude> nested ?\n";
            exit 1;
        };
        $state = 1;
        open(NSINCLUDE, '>', $INC) or die "cannot open $INC\n";
        # print "//<nsinclude>\n";
        next NXT;
    };
    /\/\/<\/nsinclude>/ && do { # ending nsinclude
        if ( $state != 1 ) {
            print "missing //<nsinclude>\n";
            exit 1;
        };
        $state = 0;
        close(NSINCLUDE);
        # print "//</nsinclude>\n";
        next NXT;
    };
    /\/\/<nsacl>/ && do {       # nsacl ?
        if ( $state != 0 ){
            print "//<nsacl> nested ?\n";
            exit 1;
        };
        $state = 2;
        open(NSACL, '>', $ACL) or die "Cannot open $ACL\n";
        # print "//<nsacl>\n";
        next NXT;
    };
    /\/\/<\/nsacl>/ && do {
        if ( $state != 2 ) {
            print "missing //<nsacl> \n";
            exit 1;
        };
        $state = 0;
        close(NSACL);
        # print "//</nsacl>\n";
        next NXT;
    };
    /\/\/</ && do {             # reject unknown tags
        print "Unknown tag ($_)\n";
        exit 1;
    };
    # not a tag, copy according to state
    # (print, not printf: a '%' in a copied line must not be read as a format)
    if ( $state == 0 ) {
        # do nothing
    };
    if ( $state == 1 ) {        # do include
        /type *master/ && do {
            if ( $commented == 0 ) {    # only adjust real (uncommented) lines
                print NSINCLUDE " type slave;\n";
                print NSINCLUDE " masters {$masters;};\n";
                next NXT;
            };
        };
        /file / && do {
            if ( $commented == 0 ) {
                # replace first component of file (= typically "master" ) with "slave"
                $_ =~ s/file\s+\"\w+\//file \"slave\//g;
                print NSINCLUDE "$_\n";
                next NXT;
            };
        };
        print NSINCLUDE "$_\n";
    };
    if ( $state == 2) {         # acl file
        print NSACL "$_\n";
    };
};

END of parse-conf

2 special tags "<nsacl>" and <nsinclude> may be found in the
original, when found they will write files which will be
concatenated together in the "addinclude" stage.

The end result is that the dir slaves/<slave>/ will be filled with
a config-file xx.conf, see allinclude for details. The xx.header part
contains nameserver-unique info.

Feel free to munge, please mail me with significant improvements
( yes there is lots of them) and forgive me for my mistakes,
( my documentation is in Swedish and might not be usable for you)

> Alex: obviously my perl script would "translate" the statements to a correct slave syntax.
> TIA
> Mariano
> --
> -----------------------------
> Mariano Cunietti
> System Administrator
> Enter S.r.l.
> Via Stefanardo da Vimercate, 28
> 20128 - Milano - Italy
> Tel. +39 02 25514319
> Fax +39 02 25514303
> mcunietti@enter.it
> www.enter.it - www.enterpoint.it
> -----------------------------
> Gruppo Y2K - www.gruppoy2k.it

--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
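
The "check result" step of the wrapper, taken one step further as an added example (not part of the scripts posted above): a generated config is installed only when the checker accepts it, and it is swapped in with a rename so a rejected or failed run leaves the previous file in place. The function name `install_checked` and the `CHECK_CMD` override are assumptions of this example; `named-checkconf` is the checker the post already uses.

```shell
#!/bin/sh
# Added example: fail-closed install of a generated slave config.
# CHECK_CMD defaults to named-checkconf; being able to override it is an
# assumption of this example, so the logic can be exercised without BIND.
CHECK_CMD=${CHECK_CMD:-named-checkconf}

# install_checked <candidate> <live>
#   0 = installed, 1 = rejected (live file untouched), 2 = usage or I/O error
install_checked() {
    cand=$1; live=$2
    [ -n "$cand" ] && [ -n "$live" ] && [ -r "$cand" ] || return 2
    # An empty candidate means the generator failed; never replace a
    # working zone list with nothing.
    [ -s "$cand" ] || return 1
    # Stage beside the target so the final mv is a same-filesystem rename.
    tmp=$(mktemp "$live.XXXXXX") || return 2
    if ! cp "$cand" "$tmp"; then rm -f "$tmp"; return 2; fi
    # Act on the checker's exit status instead of only printing its output.
    if ! $CHECK_CMD "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 1
    fi
    chmod 644 "$tmp"    # mktemp creates the file 0600; named must read it
    mv -f "$tmp" "$live" || { rm -f "$tmp"; return 2; }
    return 0
}

# usage: install_checked slaves/<slave>/<slave>.conf /etc/named.conf \
#            && rndc reconfig
```

Run it on the slave after the file has been copied over with ssh or rsync, and reload named only when it returns 0.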